Wednesday, December 9, 2015

In 2014, IOActive disclosed a series of attacks that affect multiple SATCOM
devices, some of which are commonly deployed on vessels. Although there is no
doubt that maritime assets are valuable targets, we cannot limit the attack
surface to those communication devices that vessels, or even large cruise ships,
are usually equipped with. In response to this situation, IOActive provides
services to evaluate the security posture of the systems and devices that make
up the modern integrated bridges and engine rooms found on cargo vessels and
cruise ships. [1]

There are multiple facilities, devices, and systems located on ports and
vessels and in the maritime domain in general, which are crucial to maintaining
safe and secure operations across multiple sectors and nations.

This blog post describes IOActive’s research related to one type of equipment
usually present in vessels, Voyage Data Recorders (VDRs). In order to
understand a little bit more about these devices, I’ll detail some of the
internals and vulnerabilities found in one of these devices, the Furuno
VR-3000.